Researchers warn of a new phishing campaign targeting Office 365 users who return to work after lockdown. The hackers continue to exploit his pandemic COVID-19, adapting their technique to the current situation. The attack techniques they adopt depend on the situation of the companies in each area. For example, in places where COVID-19 spreads alarmingly, cybercriminals use "baits" associated with the virus. In other areas where the pandemic is under control as workers return to work, hackers target them with e-mail which are supposed to provide educational resources on the Coronation.
As they are businesses open again, COVID-19 continues to be a threat and so organisms apply programs testing but also new rules in the workplace to prevent new infections. To prepare their employees for this new "normality", many organizations conduct online seminars and short training courses, in an effort to explain to their employees the limitations and requirements of the new conditions. Cybercriminals are constantly on the alert to take advantage of new opportunities, so it is not surprising that researchers have spotted cybercriminals sending phishing emails and malicious files, which are supposed to be information and training material for COVID-19. The phishing campaign targets Office 365 users with spam emails that include a link to enroll in education. The link redirects users to a malicious page designed to deceive them into giving them credentials their.
CheckPoint researchers say attacks associated with pandemic are reduced. Specifically, in June the attacks amounted to about 130.000, on average, per week, down 24% compared to the corresponding weekly average in May. Researchers have also noticed new phishing campaigns that use emergencies as bait, including the movement. Black Lives Matter (BLM).
At the beginning of June, when there were numerous protests around the world, on the occasion of the murder of the African-American George Floyd by a "white" policeman, the CheckPoint investigators
discovered a spam campaign related to the movement. The emails sent are distributed by malware Trickbot as a malicious doc file in the form, “e-vote_form _ ####. Doc ”(# = digit). Emails are sent with topics such as "Have your say on Black Lives Matter", "Leave an anonymous comment on Black Lives Matter" or "Vote anonymously on Black Lives Matter". By opening spam emails and clicking on the attachment, users redirect to a page that claims to provide Office information, which is actually linked to two malicious addresses. URL loading Trickbot malware.
CheckPoint researchers also point out that due to rising unemployment, they have escalated to USA and in Europe cyber-attacks related to CVs for jobs, where malicious files appear in the form of CVs. Finally, the researchers report that the number of malicious files that have been detected has doubled in the last two months, while one of the 450 malicious files is a biographical scam aimed at job seekers.